From security@linux-mandrake.com Mon Apr 19 16:04:53 2004 From: Mandrake Linux Security Team To: full-disclosure@lists.netsys.com Date: 19 Apr 2004 18:50:40 -0000 Subject: [Full-Disclosure] MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: utempter Advisory ID: MDKSA-2004:031 Date: April 19th, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 ______________________________________________________________________ Problem Description: Steve Grubb discovered two potential issues in the utempter program: 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another important file, programs that have root privileges that do no further validation can then overwrite whatever the symlink pointed to. 2) Several calls to strncpy without a manual termination of the string. This would most likely crash utempter. The updated packages are patched to correct these problems. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: e5458d8e68dd55b2dcface9f2ead71cd 10.0/RPMS/libutempter0-0.5.2-12.1.100mdk.i586.rpm 366d48de884799751c7110f84d835cc0 10.0/RPMS/libutempter0-devel-0.5.2-12.1.100mdk.i586.rpm 6eabf21bdf9d7eba1a86fac4589e5714 10.0/RPMS/utempter-0.5.2-12.1.100mdk.i586.rpm 52a5e2fa807981cba7156213684bb9ce 10.0/SRPMS/utempter-0.5.2-12.1.100mdk.src.rpm Corporate Server 2.1: c16478b61d52db976f712b5817bbf167 corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.i586.rpm 7f74bd805709457dfb71a3bdc91f2577 corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.i586.rpm eb25144f12a1d93d7d9634964a1d7bbd corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.i586.rpm ef9fe684449e0faaf59be81ed63df284 corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm Corporate Server 2.1/x86_64: 284d5f6f9bded143a8d26c8062eb9e70 x86_64/corporate/2.1/RPMS/libutempter0-0.5.2-11.1.C21mdk.x86_64.rpm 62ada7f5235b513c978dc8eea2184b8b x86_64/corporate/2.1/RPMS/libutempter0-devel-0.5.2-11.1.C21mdk.x86_64.rpm 8755f9214bb5412a204b24e6cce68ab5 x86_64/corporate/2.1/RPMS/utempter-0.5.2-11.1.C21mdk.x86_64.rpm ef9fe684449e0faaf59be81ed63df284 x86_64/corporate/2.1/SRPMS/utempter-0.5.2-11.1.C21mdk.src.rpm Mandrakelinux 9.1: ff42f22d509bf90dc87c29acf970548b 9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.i586.rpm 7f100656a81b88e2ddc0f1a3ffd6cc1d 9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.i586.rpm ae56735580eaff60027404a27843b28f 9.1/RPMS/utempter-0.5.2-10.1.91mdk.i586.rpm 1f308d636a246978a66f79802467e09b 9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm Mandrakelinux 9.1/PPC: 1c72b8d5bf1e88e267fdd818094f1d52 ppc/9.1/RPMS/libutempter0-0.5.2-10.1.91mdk.ppc.rpm 45e56e24d73c0744460908206164bad6 ppc/9.1/RPMS/libutempter0-devel-0.5.2-10.1.91mdk.ppc.rpm 218199c662a394416a5b37ce95fe69fe ppc/9.1/RPMS/utempter-0.5.2-10.1.91mdk.ppc.rpm 1f308d636a246978a66f79802467e09b ppc/9.1/SRPMS/utempter-0.5.2-10.1.91mdk.src.rpm Mandrakelinux 9.2: 90522a1350a48e3527ac5d62e9f42d02 9.2/RPMS/libutempter0-0.5.2-12.1.92mdk.i586.rpm 93cc7f6b06e932fb669cf4f6e76d219f 9.2/RPMS/libutempter0-devel-0.5.2-12.1.92mdk.i586.rpm 9295f7ce85188523ef2ddf02e2137d4b 9.2/RPMS/utempter-0.5.2-12.1.92mdk.i586.rpm 6bcb323d7d50949a1b4f8bae5bd84fd6 9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64: 92b815911cfc95b1fe982b1e6d34fbe9 amd64/9.2/RPMS/lib64utempter0-0.5.2-12.1.92mdk.amd64.rpm 7e5c27d4817e8bd1cb661baf4fa2098d amd64/9.2/RPMS/lib64utempter0-devel-0.5.2-12.1.92mdk.amd64.rpm d83101f51887fa4576ba70bd44dc96d4 amd64/9.2/RPMS/utempter-0.5.2-12.1.92mdk.amd64.rpm 6bcb323d7d50949a1b4f8bae5bd84fd6 amd64/9.2/SRPMS/utempter-0.5.2-12.1.92mdk.src.rpm Multi Network Firewall 8.2: 4a73fd406115139f44a96595d7a7d636 mnf8.2/RPMS/libutempter0-0.5.2-5.1.M82mdk.i586.rpm 4ec3be7ee3b1afc20cee08edd699d88c mnf8.2/RPMS/libutempter0-devel-0.5.2-5.1.M82mdk.i586.rpm 6f88c9436293c120c90877f12d8426a9 mnf8.2/RPMS/utempter-0.5.2-5.1.M82mdk.i586.rpm 273359b6f93965a0995a6c11cf3a1d77 mnf8.2/SRPMS/utempter-0.5.2-5.1.M82mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98 Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrakelinux at: http://www.mandrakesecure.net/en/advisories/ Mandrakesoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFAhB+AmqjQ0CJFipgRAph7AKDlya68fexJ14qf1DchzBMhGBA+0gCgsOEM aRlgv9npCuiEhF7aWN+PaJg= =5mCk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html